THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 
- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 04 May 2004. 

2a) [ ] This action is FINAL. 2b) [X] This action is non-final. 

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213. 

Disposition of Claims 

4) [X] Claim(s) 1-9 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) [ ] Claim(s) is/are allowed. 

6) [X] Claim(s) 1-9 is/are rejected. 

7) [ ] Claim(s) is/are objected to. 

8) [ ] Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) [ ] The specification is objected to by the Examiner. 

10) [X] The drawing(s) filed on 27 January 2000 is/are: a) [X] accepted or b) [ ] objected to by the Examiner. 
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) [X] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a) [X] All b) [ ] Some * c) [ ] None of: 

1. [X] Certified copies of the priority documents have been received. 

2. [ ] Certified copies of the priority documents have been received in Application No. . 

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
DETAILED ACTION 



1. The IDS of 5/5/04 was received and considered. 

2. Claims 1-9 are pending. 



Response to Arguments 



3. Applicant's arguments with respect to claims 1-9 have been considered but are moot in 
view of the new ground(s) of rejection. 

4. Regarding applicant's arguments (page 6, ¶1) concerning Diffie-Hellman, the algorithm 
exchanges public values n and g, which are used with randomly chosen large integers x and y. 
The secret initial value (the session/secret key) that the Diffie-Hellman algorithm seeks to derive 
is not exchanged. Further, the Diffie-Hellman algorithm, as described by Schneier on page 513 
appears to be identical to the algorithm disclosed by applicant on page 5 of the specification. 

5. Regarding applicant's arguments (page 6, ¶2-3), the Diffie-Hellman algorithm's purpose 
is not to use pre-stored secret keys. The two parties, using publicly available values (exchanged 
in some form), each independently derive the same value (which is secret to only the 
participators of the algorithm). 

6. Regarding applicant's arguments (page 7, ¶2), while the Hellman patent is not relied 
upon in this action, clarification that when Hellman refers to the secret signals, the reference is 
made to the derived values (x, y in Schneier) being secret, is required. The values are not 
permanently present, but derived for the protocol, as are the values for (x, y) as described by 
applicant on page 5 of the specification. 
7. Regarding applicant's arguments (page 9), the Gasser patent is only relied upon for 
teaching the well known concept of key removal/destroying in cryptography as a method to 
reduce the risk of key compromise. 

8. Regarding applicant's general arguments (e.g. page 1, ¶2) that the instant application 
differs from prior art in that secret values are not transformed/protected, applicant is directed to 
page 5, steps 1-2 of the specification where the specification clearly states that x and y are kept 
secret. 

Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

10. Claims 1, 3-5 & 7 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Applied Cryptography, Second Edition by Schneier in view of U.S. Patent 5,602,918 to Chen et 
al. (Chen). 

Regarding claims 1 & 3-5, Schneier teaches generating first values/(x, X) for determining 
the secret initial value/k (page 513, step 1), transmitting parts of the first values/X (page 513, 
step 1), generating second values/(y, Y) for determining the secret initial value/k' and 
transmitting parts of the second values/Y (page 513, step 2), determining the secret initial value/k 
from at least parts of the first values/x and the transmitted parts of the second values/Y (page 
513, step 3) and determining the secret initial value/k' from at least parts of the second values/y 
and the transmitted parts of the first values/X. Schneier lacks inserting a chip card into a 
processing station and lacks initializing the chip card by having the processing station perform 
steps 1 and 3 in the Schneier reference and the chip card perform steps 2 and 4 in the Schneier 
reference. Schneier only teaches a mathematical protocol, lacking implementation details, and 
hence lacks inserting a chip card into a processing station and initializing the chip card. 
However, Chen teaches that to initialize a smart card with a master key, the card/chip card is 
inserted into an initialization terminal/processing station and the key is transferred, preferably 
securely (col. 4, lines 5-31). The protocol taught by Schneier is beneficial over a standard key 
transfer, because no one listening to the exchanges can recover the key value (Schneier, page 
513). Therefore, it would have been obvious to one having ordinary skill in the art at the time 
the invention was made to apply the protocol of Schneier to the card initialization terminal, as 
taught by Chen (col. 4, lines 5-31). One of ordinary skill in the art would have been motivated to 
perform such a modification to initialize a smart card with a master key, as taught by Chen (col. 
4, lines 5-31) using a method to enhance the security of initialization, as taught by Schneier 
(pages 513-514). 

Regarding claim 7, Schneier does not explicitly disclose encrypting and decrypting data with 
the key. However, the examiner takes Official Notice that using a secret key for encryption is 
old and well established in the art of cryptography as a method of protecting data. Therefore, it 
would have been obvious to one having ordinary skill in the art at the time the invention was 
made to use the secret initial value for encrypting and decrypting data. One of ordinary skill in 
the art would have been motivated to perform such a modification to protect data from 
eavesdroppers. This advantage is well known to those skilled in the art. 
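
The exchange discussed in paragraphs 4, 5 and 10 above, as an added Python illustration that is not taken from the Office action, the Schneier reference or the application. It uses the textbook Diffie-Hellman formulas (X = g^x mod n, Y = g^y mod n, k = Y^x mod n, k' = X^y mod n); the `Party` and `run_exchange` names and the demo modulus are assumptions made for this example. The `wire` record holds everything a listener sees, and the derived value never appears in it.

```python
import secrets

# Constructed demo modulus (assumption): 2**127 - 1 is prime but far too small for real use.
DEMO_N, DEMO_G = 2**127 - 1, 3


class Party:
    """One side of the exchange; holds a private exponent that is never sent."""

    def __init__(self, n, g, secret=None):
        self.n, self.g = n, g
        # x (station) or y (card): random in [2, n-2] unless fixed for a test.
        self._secret = secret if secret is not None else secrets.randbelow(n - 3) + 2

    def public_value(self):
        # X = g^x mod n (or Y = g^y mod n): the only per-party value transmitted.
        return pow(self.g, self._secret, self.n)

    def derive(self, peer_public):
        # Reject 0, 1 and n-1: they would force the key into a tiny, guessable set.
        if not 1 < peer_public < self.n - 1:
            raise ValueError("degenerate public value")
        # k = Y^x mod n (or k' = X^y mod n); computed locally, never sent.
        return pow(peer_public, self._secret, self.n)


def run_exchange(n=DEMO_N, g=DEMO_G, x=None, y=None):
    """Return (wire, k, k_prime); wire holds everything an eavesdropper sees."""
    station, card = Party(n, g, x), Party(n, g, y)
    wire = {"n": n, "g": g}
    wire["X"] = station.public_value()   # step 1: station -> card
    wire["Y"] = card.public_value()      # step 2: card -> station
    k = station.derive(wire["Y"])        # step 3: station side
    k_prime = card.derive(wire["X"])     # step 4: card side
    return wire, k, k_prime


if __name__ == "__main__":
    wire, k, k_prime = run_exchange()
    print("on the wire:", sorted(wire))
    print("keys match:", k == k_prime, "| key on wire:", k in wire.values())
```
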



Application/Control Number: 09/492,273 
Art Unit: 2134 



11. Claim 2 is rejected under 35 U.S.C. 103(a) as being unpatentable over Schneier in view 
of Chen, as applied to claim 1 above, and further in view of "Cryptographic Identification 
Methods for Smart Cards in the Process of Standardization" by Hans-Peter Konigs in further 
view of Handbook of Applied Cryptography by Menezes. Schneier discloses a system, as 
modified above, but lacks using an individual identifier to generate the initial value for the card. 
Konigs teaches that one can greatly simplify the problem of key management and make an 
explicit public key unnecessary by deducing a verification key from an identification 
word/individual identifier (see page 46). Therefore, it would have been obvious to one having 
ordinary skill in the art at the time the invention was made to further modify Schneier's system 
to use identification information as the basis for a key. One of ordinary skill in the art would 
have been motivated to perform such a modification to simplify key management, as taught by 
Konigs (see page 46). Schneier, as modified above, lacks the identification information being a 
serial number. However, Menezes teaches that sequence numbers can be used to identify 
entities, often in key establishment protocols (see §10.3.1 & §10.12). Therefore, it would have 
been obvious to one having ordinary skill in the art at the time the invention was made to use the 
serial number of the smart card for identification, and hence as the basis for the key. One of 
ordinary skill in the art would have been motivated to perform such a modification to provide 
uniqueness, as taught by Menezes (see §10.3.1 & §10.12). 

12. Claim 6 is rejected under 35 U.S.C. 103(a) as being unpatentable over Schneier in view 
of Chen, as applied to claim 1 above, and further in view of U.S. Patent 5,452,358 to Normile et 
al. (Normile). Schneier, as applied to claim 1, does not disclose using the secret initial value as 
the start value for generating random numbers. However, Normile teaches that a secret key can 
be used as a seed value for generating random numbers, which can then be used to encrypt data 
(col. 4, lines 9-20). Further, Schneier teaches that good keys are random strings, i.e. a key used 
for encryption should be, at least to some degree, random (pages 173-174). Therefore, it would 
have been obvious to one having ordinary skill in the art at the time the invention was made to 
use the secret initial value as a start value for generating random numbers. One of ordinary skill 
in the art would have been motivated to perform such a modification to add randomness to the 
keys used for encryption, as taught by Schneier (pages 173-174) and Normile (col. 4, lines 9-20). 

13. Claim 8 is rejected under 35 U.S.C. 103(a) as being unpatentable over Schneier in view 
of Chen, as applied to claim 1 above, in further view of U.S. Patent 6,038,551 to Barlow et al. 
(Barlow). Schneier's system, as modified above, lacks transmission of additional keys to the 
card. Schneier does however teach that keys also need to be cryptographically protected during 
transport and that it is common to encrypt data keys (keys for encrypting data) with key 
encrypting keys for transfer (page 176-177, §8.3). However, Barlow teaches that to support 
multiple applications, the card must enable a user to transport keys from one application to 
another (see col. 4, lines 34-49). Therefore, it would have been obvious to one having ordinary 
skill in the art at the time the invention was made to further modify Schneier's system to allow 
multiple keys to be transported through the medium secured by the algorithm (as taught by 
Schneier). One of ordinary skill in the art would have been motivated to perform such a 
modification to support multiple applications, as taught by Barlow (see col. 4, lines 34-49). 
14. Claim 9 is rejected under 35 U.S.C. 103(a) as being unpatentable over Schneier in view 
of Chen in view of Barlow, as applied to claim 8 above, and further in view of U.S. Patent 
5,224,163 to Gasser et al. (Gasser). Schneier's system, as modified above, lacks removal of the 
original session key after the receipt of personalization information. Gasser teaches that 
removing a key after its use in an authorization system ensures security even if one of the 
participants is compromised thereafter (see col. 15, lines 51-65). Therefore, it would have been 
obvious to one having ordinary skill in the art at the time the invention was made to remove the 
session key from Schneier's system, as modified above, after the initial transaction was 
complete. One of ordinary skill in the art would have been motivated to perform such a 
modification to prevent compromise of both the card and the apparatus if either was 
compromised, as taught by Gasser (see col. 15, lines 51-65). 

Conclusion 

15. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. The '827 reference is cited for teaching modifying a random number with a secret 
key (using a secret key as a start value for generating random numbers). 

b. The DataKey reference is cited for teaching smart cards performing 
Diffie-Hellman key agreement. 

c. The CCR reference is cited for teaching general encryption concepts such as 
symmetric key encryption. 
16. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Michael J. Simitoski whose telephone number is (703)305-8191. 
The examiner can normally be reached on Monday - Thursday, 6:45 a.m. - 4:15 p.m. The 
examiner can also be reached on alternate Fridays from 6:45 a.m. - 3:15 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory Morse can be reached on (703)308-4789. 

Any response to this action should be mailed to: 

Commissioner of Patents and Trademarks 
Washington, DC 20231 
Or faxed to: 

(703)746-7239 (for formal communications intended for entry) 

Or: 

(703)746-7240 (for informal or draft communications, please label "PROPOSED" 
or "DRAFT") 

Hand-delivered responses should be brought to Crystal Park II, 2121 Crystal Drive, 
Arlington, VA 22202, Fourth Floor (Receptionist). 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (703) 305-9000. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 